NyxInvoke: The Rust-Based Tool Bypassing AMSI & ETW
NyxInvoke
NyxInvoke is a versatile Rust-based tool designed for executing .NET assemblies, PowerShell commands/scripts, and Beacon Object Files (BOFs) with built-in patchless AMSI and ETW bypass capabilities. It can be compiled as either a standalone executable or a DLL.
Features
- Execute .NET assemblies
- Run PowerShell commands or scripts
- Load and execute Beacon Object Files (BOFs)
- Built-in patchless AMSI (Anti-Malware Scan Interface) bypass
- Built-in patchless ETW (Event Tracing for Windows) bypass
- Support for encrypted payloads with AES decryption
- Flexible input options: local files, URLs, or compiled-in data
- Dual-build support: can be compiled as an executable or a DLL
Use
Executable Mode
The executable supports three main modes of operation:
- CLR Mode (.NET assembly execution)
- PowerShell Mode
- BOF Mode (Beacon Object File execution)
